Welcome to the Air Force Institute of Technology

AFIT Wins CDX For 10th YearPosted Monday, April 30, 2012

Students from the Air Force Institute of Technology’s (AFIT) Center for Cyberspace Research (CCR) earned the top score among the graduate military schools in the National Security Agency’s (NSA) 2012 Cyber Defense Exercise (CDX) conducted April 16-20.

The CDX, annually sponsored and directed by the NSA’s Information Assurance Directorate, consisted of eight teams at seven schools. The five U.S. military undergraduate service academies were the U.S. Military Academy, the U.S. Air Force Academy, the U.S. Naval Academy, the U.S. Merchant Marine Academy, and the U.S. Coast Guard Academy. The military graduate schools that participated were AFIT and the Royal Military College of Canada.

AFIT had two teams participate under the leadership of Dr. Tim Lacey, Director of Information Technology at the Center for Cyberspace Research. The AFIT teams once again performed strongly, compiling the top scores among the graduate schools. This is the 10th consecutive win at the graduate level for AFIT/CCR since its inaugural participation in 2003.

As is tradition, the CDX trophy is reserved and awarded to the undergraduate service academy with the highest score. This year, that honor went to the cadets of the U.S. Air Force Academy.

AFIT/CCR participates in the CDX, which began in 2000, to allow students to gain real-life experience in the protection of critical computing resources. Through a set of operational attack scenarios conducted by NSA security experts, students must manage the network under attack and respond appropriately to keep services available to end-users. Administrators conduct the entire exercise on Virtual Private Networks, providing a safe haven for the exercise while preventing interference with real-world networks. NSA referees score the exercise automatically to ensure impartial treatment for each school. Students are required to keep their networks up and running 24/7 during the exercise.

“This year’s exercise incorporated a Linux-based web application the students securely configured to prevent remote attacks,” said Dr. Lacey. “The students also had to incorporate a simulated general’s laptop into the network in a very limited amount of time. The laptop presented a security risk as it contained malware that attacked other machines in the students’ network.”

There were some anxious moments for the AFIT teams during the exercise. NSA attackers, with the assistance of simulated “inattentive” computer users, were successful at planting malware on the teams’ workstations to the extent the workstations were practically unusable. However, AFIT students defended and maintained their core network services successfully while minimizing the extent of harm caused by the malware planted by NSA attackers. “Thanks to security devices like an authenticating proxy server that checked every attempt to connect outside our network, the malware was stopped in its tracks and constrained within the workstations,” said Dr. Lacey.

Use of this DoD computer system, authorized or unauthorized, constitutes consent to monitoring of this system. Unauthorized use may subject you to criminal prosecution. Evidence of unauthorized use collected during monitoring may be used for administrative, criminal, or other adverse action. Use of this system constitutes consent to monitoring for these purposes.